Lebanon News

New ‘surgical’ virus targets Lebanon in wave of cyberattacks

The attacks on computers are capable of stealing data and causing computer malfunctions. (The Daily Star/Mahmoud Kheir)

BEIRUT: A digital virus launched a “surgical attack” against computers in Lebanon as part of a multi-wave espionage operation to control computers and steal information, according to a report released Monday by a leading anti-virus software company.

In recent months, several anti-virus companies have discovered a barrage of viruses targeting computers mostly in Iran and Lebanon. The attacks, capable of stealing data and causing computer malfunctions, were so sophisticated that many experts agree they could only be authored by a handful of countries that have considerable programming abilities.

The latest discovery of miniFlame by Kaspersky Lab provides more evidence that all of the attacks were authored and controlled by the same group of hackers with specific aims in the Middle East.

Kaspersky’s report offers the first look into a precision attack that was likely a coordinated campaign. The sophisticated computer virus infected a small number of computers, which hackers identified during waves of larger-scale cyberattacks.

“‘MiniFlame’ is a small fully functional espionage module designed for data theft and direct access to infected systems,” the report read.

“The miniFlame malware is not widespread. It is probably deployed only on a very small number of ‘high profile’ victims,” it said, adding that it had detected 50 to 60 infected computers that the hackers would have direct access to.

From command servers in other countries, the hackers could control the computer’s operation or take information from it.

The malware is one of many cyberattacks that have come to light after Russia-based Kaspersky Lab began to seek out viruses to protect its clients.

In August, the virus Gauss was discovered infiltrating many computer systems in Lebanon, mining personal information, particularly that related to bank accounts.

The specialized virus sent shock waves through the country’s banking sector, which had already been fighting off what it says are unsubstantiated U.S. Treasury Department accusations of involvement in drug or money laundering schemes.

The attack also demonstrated that Lebanon has been drawn into the crosshairs of a large cyber espionage campaign that has been ongoing in the Middle East, possibly carried out partially by the United States.

So far Kaspersky Lab has discovered and mapped five related espionage computer viruses. Stuxnet, the farthest-reaching cyberattack, was reported by the New York Times to have been distributed by the United States under a direct order from President Barack Obama.

The virus infected around 300,000 computers and was credited with causing equipment malfunction at Iranian nuclear facilities. According to the New York Times, Obama approved Stuxnet as part of a slate of cyberattacks developed by Israel and the United States to set back the Iranian nuclear program.

Another virus named Duqu targeted industrial systems but on a much smaller scale.

Early this year it was found that computers across the Middle East were also infected with the Flame virus, which mined data and broke codes with expert-level cryptography, stunning the hacking community.

Stuxnet, Duqu, Flame and Gauss shared so many technical similarities that Kaspersky Lab and Symantec anti-virus company said they likely all came from the same cyber factory.

The latest details about miniFlame revealed further links among the viruses. MiniFlame was found to communicate with both Flame and Gauss and share networks with the two otherwise distinct pieces of malware.

Connections between the viruses make their relationship and overall purpose clearer, even if the exact target and author can’t definitively be determined, Kaspersky Lab said.

“If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high precision, surgical attack tool,” the Kaspersky Lab report said.

Some cybersecurity experts caution against drawing a direct line between the attacks. There are no easy identifiers, and analysts have to draw conclusions based on structure.

But cybersecurity expert Daniel Bilar said much doubt about the intent of the viruses and their connections was dispelled after the latest discovery.

“This is one more piece of corroborating evidence,” he said.

“We saw what certain modules of what Flame did, we saw what Gauss did two months or so ago, and this has enough links with both of them because it comes from the same roots. So it’s highly unlikely that this would be something other than espionage.”

A version of this article appeared in the print edition of The Daily Star on October 16, 2012, on page 4.



